Feature #6115

Audit polipo

Added by Tails 2013-07-18 07:51:10. Updated 2014-11-28 14:30:50.

Status: Rejected
Priority: Normal
% Done: 0%
Type of work: Audit
Starter: 0

Description

A bunch of anonymity, privacy and security issues in Polipo were fixed in Christopher Davis’ branch (git://repo.or.cz/polipo.git) and never merged upstream.

Even if we have stopped using polipo in iceweasel (Feature #5776), we should check if these issues affect Tails… unless we replace polipo with privoxy? (Feature #5379)


dontIdentifyToClients

Christopher added the dontIdentifyToClients option (commits: 80b45940, be116b5, c78beb81) to fix bug #1082 on Tor Project’s Trac. When set to true, "Polipo tries to avoid transmitting local host name, port, and time zone".

  1. hostname and port: Tails sets proxyName = "localhost" and proxyPort = 8118 just like the Tor Browser Bundle does => nothing critical could be leaked - at worst, leaking this information restricts the practical anonymity set to the best one Tails can try putting its users into => non-issue.
  2. Leaking timezone information to the outside world would be much more annoying: Tails’ web browser has been trying to spoof an EN-US browser since 0.7 for a reason. However, that information can only be transmitted to an HTTP client connected to Polipo; practically speaking, such a client can be any non-SOCKS-aware application shipped in Tails; most have other means to gather that information anyway, but e.g. untrusted JavaScript in the web browser might be used to access the aforementioned information and leak it => research how to fix this (probably by patching Polipo and pushing that patch upstream and/or to Debian; avoiding shipping Polipo at all would be even better, but we’re not there yet).

Tails Git devel branch sets UTC timezone for everybody, so the timezone leaking issue becomes much less relevant.
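To make the audit in the previous points repeatable, here is an added example (it is not part of this ticket and not Polipo's or Tails' code) of a small checker that inspects the headers of a response relayed through a local HTTP proxy and flags the three things dontIdentifyToClients is meant to suppress: the proxy host name, the proxy port, and a local time zone offset. The Via header layout, the host name "example-host" and both sample responses are constructed assumptions for illustration, not captured Polipo output.

```python
"""Audit helper: scan HTTP response headers received through a local HTTP proxy
for fields that identify the proxy host, port or the machine's local time zone.
Added example; the header formats below are assumptions, not Polipo's code."""
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a response relayed by a proxy that identifies itself to
# its clients (hypothetical values; "example-host" is a placeholder host name).
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 18 Jul 2013 09:51:10 +0200\r\n"
    "Server: nginx\r\n"
    "Via: 1.1 example-host:8118 (Polipo)\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Constructed sample: the same response with the identifying details removed
# (Date in GMT as HTTP requires, no Via header added by the proxy).
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 18 Jul 2013 07:51:10 GMT\r\n"
    "Server: nginx\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (name, value) tuples from the head of a raw HTTP response.
    Header names are lower-cased; the status line and body are dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return headers


# Assumed Via layout: "<protocol-version> <received-by-host>[:<port>] (comment)".
VIA_RE = re.compile(r"^(?:HTTP/)?\d(?:\.\d)?\s+([^\s:(]+)(?::(\d+))?")


def audit_proxy_identification(raw):
    """Return a list of human-readable findings, empty if nothing identifying
    was found. Checks: Via host/port, Via naming the proxy software, and a
    Date header carrying a non-zero (i.e. local) time zone offset."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "via":
            m = VIA_RE.match(value)
            if m:
                host, port = m.group(1), m.group(2)
                msg = f"Via header exposes proxy host {host!r}"
                if port:
                    msg += f" and port {port}"
                findings.append(msg)
            if "polipo" in value.lower():
                findings.append("Via header names the proxy software (Polipo)")
        elif name == "date":
            try:
                dt = parsedate_to_datetime(value)
            except (TypeError, ValueError):
                findings.append(f"Date header is malformed: {value!r}")
                continue
            offset = dt.utcoffset()
            if offset is not None and offset.total_seconds() != 0:
                findings.append(f"Date header carries a local time zone offset: {value!r}")
    return findings


if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY_RESPONSE), ("clean", CLEAN_RESPONSE)):
        print(label, audit_proxy_identification(sample) or ["no identifying headers"])
```

In practice one would feed the checker the raw response captured from a client connected to the proxy on port 8118 (for instance with a plain socket) rather than the constructed samples, and rerun it after toggling dontIdentifyToClients to confirm the findings list empties.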

others?

Security issues that were not privacy-related have supposedly already been applied to the 1.0.4.1-1.1 polipo package shipped in Debian Squeeze. This should be double-checked, though => research.



Related issues

Related to Tails - Feature #5379: Remove Polipo or replace it with Privoxy Resolved 2014-01-27

History

#1 Updated by intrigeri 2013-07-19 06:13:22

  • Subject changed from polipo to audit polipo
  • Parent task set to Feature #5769

#2 Updated by intrigeri 2013-10-03 11:28:18

  • Type of work changed from Research to Audit
  • Starter set to No

#3 Updated by BitingBird 2014-06-09 11:06:22

  • Subject changed from audit polipo to Audit polipo

#4 Updated by intrigeri 2014-11-28 14:30:50

  • Status changed from Confirmed to Rejected

We’re going to drop it (Feature #5379).